Extracted

• • Target

    d944c39f34ef4bf74e4d08eb5e4f2c8b_JaffaCakes118

  • Size

    180KB

  • MD5

    d944c39f34ef4bf74e4d08eb5e4f2c8b

  • SHA1

    b2871afdeb9ef2bd77167f5b7192060107bed455

  • SHA256

    d942d49fb0b341de8b60047a3f75fda66d3a3eff8cf06bac3b812041273d61f3

  • SHA512

    0cbbad314c66a5585c7449b567fa51aeba38b7fd4d3a605bb98905a3e0ce6ec006f0f68192bfe1bed230b8d925bfff0676b583b38c2e2d1bc5ae5244229769d4

  • SSDEEP

    3072:M3vtETGUfzQ6/aFsvrrtFFliZ5pmFrzPRiXYO2oLmyAzZKO6QIbxbbo:drzQjFsTrtFFliZcHptOmrKiuxo

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2